Hi,

We have setup a latest Xeams server for outbund delivery only. Emails are sent outbound from smtp.xxx.com. E-mail flow is working fine but for some emails we are getting "Possible forgery attempted for an outbound message". We noticed that these alerts are generated where FROM address is not smtp.xxx.com. We have 3rd part vendors who owns some equipment in our environments. These equipments are set to sent alerts out to them and FROM address is in format of vendor@vendor-domain-name (not smtp.xxx.com)  Obviously Xeams see vendor messages coming from a different domain, not from actual smtp.xxx.com domain , thus label them as a "forgery attempt". 

We have tried to add vendor's equipment IP's to our smtp.xxx.com domain's SPF record but it did help either. 

Can someone guide us , how can we address this issue? 

Thank you in advance for all your help.

Jamil Ahsan